Activating an electronic privacy screen during display of sensitve information

ABSTRACT

One embodiment provides a method including: receiving, on a display device, a request to display data; detecting, using a processor, a factor indicating a need for privacy; activating, based on the detecting, a privacy filter of the display device; and displaying, on the display device, the data. Other aspects are described and claimed.

BACKGROUND

Information handling devices (“devices”), for example cell phones, smartphones, tablet devices, laptop computers, and the like permit users tocreate, access and store a variety of different media or data on theirmobile devices. The media or data may include, for example, pictures orimages, videos, audio content, text or other documents, etc. This easeof access to media allows users access to the media regardless of timeor location. For example, it is typical for employees to receive workrelated email communications even during off hours.

However, this constant connection can lead to problems when the databeing accessed by a user is confidential in nature. Although businessesbenefit from having their employees constantly connected to thecorporate world, it can have negative consequences when an employee isviewing sensitive work documents in a public place, or sharing them withunauthorized viewers. However, completely restricting employee access todata is viewed as an overly burdensome and restrictive solution.

BRIEF SUMMARY

In summary, one aspect provides a method, comprising: receiving, on adisplay device, a request to display data; detecting, using a processor,a factor indicating a need for privacy; activating, based on thedetecting, a privacy filter of the display device; and displaying, onthe display device, the data.

Another aspect provides an information handling device, comprising: aprocessor; a display device; a memory device that stores instructionsexecutable by the processor to: receive a request to display a data;detect a factor indicating a need for privacy; activate, based on thedetecting, a privacy filter of the display device; and display, on thedisplay device the data.

A further aspect provides a product, comprising: a storage device havingcode stored therewith, the code being executable by a processor andcomprising: code that receives, at an input device, a request to displaydata; code that detects a factor indicating a need for privacy; codethat activates, based on the detecting, a privacy filter of the displaydevice; and code that displays, on the display device, the data.

The foregoing is a summary and thus may contain simplifications,generalizations, and omissions of detail; consequently, those skilled inthe art will appreciate that the summary is illustrative only and is notintended to be in any way limiting.

For a better understanding of the embodiments, together with other andfurther features and advantages thereof, reference is made to thefollowing description, taken in conjunction with the accompanyingdrawings. The scope of the invention will be pointed out in the appendedclaims.

BRIEF DESCRIPTION OF THE SEVERAL VIEWS OF THE DRAWINGS

FIG. 1 illustrates an example of information handling device circuitry.

FIG. 2 illustrates another example of information handling devicecircuitry.

FIG. 3 illustrates an example method of automatically enabling a privacyfilter.

FIG. 4 illustrates an additional example method of automaticallyenabling a privacy filter.

DETAILED DESCRIPTION

It will be readily understood that the components of the embodiments, asgenerally described and illustrated in the figures herein, may bearranged and designed in a wide variety of different configurations inaddition to the described example embodiments. Thus, the following moredetailed description of the example embodiments, as represented in thefigures, is not intended to limit the scope of the embodiments, asclaimed, but is merely representative of example embodiments.

Reference throughout this specification to “one embodiment” or “anembodiment” (or the like) means that a particular feature, structure, orcharacteristic described in connection with the embodiment is includedin at least one embodiment. Thus, the appearance of the phrases “in oneembodiment” or “in an embodiment” or the like in various placesthroughout this specification are not necessarily all referring to thesame embodiment.

Furthermore, the described features, structures, or characteristics maybe combined in any suitable manner in one or more embodiments. In thefollowing description, numerous specific details are provided to give athorough understanding of embodiments. One skilled in the relevant artwill recognize, however, that the various embodiments can be practicedwithout one or more of the specific details, or with other methods,components, materials, et cetera. In other instances, well knownstructures, materials, or operations are not shown or described indetail to avoid obfuscation.

As technology continues to improve, more media will be consumed onmobile devices by users on the go. Although as a whole mobileproductivity is beneficial, it can have unintended consequences. One ofthe most important issues businesses deal with regularly is the controland regulation of sensitive or confidential information. The ability ofa company or organization to control their confidential and/or sensitiveinformation is greatly decreased when they enable employees to view orutilize that information out of the office.

One of the major concerns of enabling mobile devices is the possibilitythat sensitive data will be viewed by non-approved entities. Forexample, an employee viewing confidential designs in an airport mayinadvertently divulge the information to the multiple other airlinepassengers who can also view it. One current solution is the use ofphysical privacy filters that can be placed directly on the device. Forexample, 3M's Privacy Screen Protector. These filters work by overlayinga thin polarized material on the display screen, thus restricting theviewing angle of the display. 3M is a registered trademark of 3M Companyin the United States of America and other countries.

However, this style of privacy filter can be removed by a user due totheir personal preference, or in order more easily to sharenon-sensitive information with others. Once removed, the physical filtermaterial is unlikely to be replaced and any subsequent viewing ofsensitive material will be without the additional privacy protection.Therefore, this technical issue presents problems when a user interfereswith the privacy protection screen. Thus, a much more convenientsolution in many scenarios, involves a solution that can accommodateboth the user's preference regarding non-sensitive materials and thecompanies need to ensure the privacy filter is active when viewingsensitive material.

Accordingly, an embodiment provides a method of receiving an inputrequest for data (e.g., a user requesting a file or application beopened) on an electronic device. Upon receiving the request, determiningthe location of the electronic device using GPS or similar locationmethod. The device then compares the determined location against a setof predetermined locations to determine if the device is currently in anunsecure area. If the device is determined to be in an unsecure area, aprivacy filter is electronically activated on the display, and then therequested information is displayed.

In another embodiment, a method receives an input request for datasimilar to the above. Upon receiving the request, the device accessesmetadata associated with the data being requested (e.g., a user requestsa secure email to be opened and the email has included with it metadataindicating it contains sensitive information). Based on the informationstored in the metadata, a determination is made as to whether therequested data is of a sensitive nature (e.g., contains personalinformation or confidential company information). If it is determined,based on the metadata, that the file contains sensitive material, aprivacy filter is electronically activated, and the requested data isdisplayed.

The illustrated example embodiments will be best understood by referenceto the figures. The following description is intended only by way ofexample, and simply illustrates certain example embodiments.

While various other circuits, circuitry or components may be utilized ininformation handling devices, with regard to smart phone and/or tabletcircuitry 100, an example illustrated in FIG. 1 includes a system on achip design found for example in tablet or other mobile computingplatforms. Software and processor(s) are combined in a single chip 110.Processors comprise internal arithmetic units, registers, cache memory,busses, I/O ports, etc., as is well known in the art. Internal bussesand the like depend on different vendors, but essentially all theperipheral devices (120) may attach to a single chip 110. The circuitry100 combines the processor, memory control, and I/O controller hub allinto a single chip 110. Also, systems 100 of this type do not typicallyuse SATA or PCI or LPC. Common interfaces, for example, include SDIO andI2C.

There are power management chip(s) 130, e.g., a battery management unit,BMU, which manage power as supplied, for example, via a rechargeablebattery 140, which may be recharged by a connection to a power source(not shown). In at least one design, a single chip, such as 110, is usedto supply BIOS like functionality and DRAM memory.

System 100 typically includes one or more of a WWAN transceiver 150 anda WLAN transceiver 160 for connecting to various networks, such astelecommunications networks and wireless Internet devices, e.g., accesspoints. Additionally, devices 120 are commonly included, e.g., an imagesensor such as a camera. System 100 often includes a touch screen 170for data input and display/rendering. System 100 also typically includesvarious memory devices, for example flash memory 180 and SDRAM 190.

FIG. 2 depicts a block diagram of another example of informationhandling device circuits, circuitry or components. The example depictedin FIG. 2 may correspond to computing systems such as the THINKPADseries of personal computers sold by Lenovo (US) Inc. of Morrisville,N.C., or other devices. As is apparent from the description herein,embodiments may include other features or only some of the features ofthe example illustrated in FIG. 2.

The example of FIG. 2 includes a so-called chipset 210 (a group ofintegrated circuits, or chips, that work together, chipsets) with anarchitecture that may vary depending on manufacturer (for example,INTEL, AMD, ARM, etc.). INTEL is a registered trademark of IntelCorporation in the United States and other countries. AMD is aregistered trademark of Advanced Micro Devices, Inc. in the UnitedStates and other countries. ARM is an unregistered trademark of ARMHoldings plc in the United States and other countries. The architectureof the chipset 210 includes a core and memory control group 220 and anI/O controller hub 250 that exchanges information (for example, data,signals, commands, etc.) via a direct management interface (DMI) 242 ora link controller 244. In FIG. 2, the DMI 242 is a chip-to-chipinterface (sometimes referred to as being a link between a “northbridge”and a “southbridge”). The core and memory control group 220 include oneor more processors 222 (for example, single or multi-core) and a memorycontroller hub 226 that exchange information via a front side bus (FSB)224; noting that components of the group 220 may be integrated in a chipthat supplants the conventional “northbridge” style architecture. One ormore processors 222 comprise internal arithmetic units, registers, cachememory, busses, I/O ports, etc., as is well known in the art.

In FIG. 2, the memory controller hub 226 interfaces with memory 240 (forexample, to provide support for a type of RAM that may be referred to as“system memory” or “memory”). The memory controller hub 226 furtherincludes a low voltage differential signaling (LVDS) interface 232 for adisplay device 292 (for example, a CRT, a flat panel, touch screen,etc.). A block 238 includes some technologies that may be supported viathe LVDS interface 232 (for example, serial digital video, HDMI/DVI,display port). The memory controller hub 226 also includes a PCI-expressinterface (PCI-E) 234 that may support discrete graphics 236.

In FIG. 2, the I/O hub controller 250 includes a SATA interface 251 (forexample, for HDDs, SDDs, etc., 280), a PCI-E interface 252 (for example,for wireless connections 282), a USB interface 253 (for example, fordevices 284 such as a digitizer, keyboard, mice, cameras, phones,microphones, storage, other connected devices, etc.), a networkinterface 254 (for example, LAN), a GPIO interface 255, a LPC interface270 (for ASICs 271, a TPM 272, a super I/O 273, a firmware hub 274, BIOSsupport 275 as well as various types of memory 276 such as ROM 277,Flash 278, and NVRAM 279), a power management interface 261, a clockgenerator interface 262, an audio interface 263 (for example, forspeakers 294), a TCO interface 264, a system management bus interface265, and SPI Flash 266, which can include BIOS 268 and boot code 290.The I/O hub controller 250 may include gigabit Ethernet support.

The system, upon power on, may be configured to execute boot code 290for the BIOS 268, as stored within the SPI Flash 266, and thereafterprocesses data under the control of one or more operating systems andapplication software (for example, stored in system memory 240). Anoperating system may be stored in any of a variety of locations andaccessed, for example, according to instructions of the BIOS 268. Asdescribed herein, a device may include fewer or more features than shownin the system of FIG. 2.

Information handling device circuitry, as for example outlined in FIG. 1or FIG. 2, may be used in devices such as tablets, smart phones,personal computer devices generally, and/or electronic devices whichusers may use to access sensitive information on. For example, thecircuitry outlined in FIG. 1 may be implemented in a tablet or smartphone embodiment, whereas the circuitry outlined in FIG. 2 may beimplemented in a personal computer embodiment.

Referring now to FIG. 3, an embodiment receives a request to display animage at 301. The term image is used herein to generally describe anymedia or data that can be presented to a user on a device (e.g., text,pictures, text entry fields, applications interfaces, videos, audiocontent, etc.). For example, a user could request to view a companyemail, open a confidential document, or just play a game. Once therequest is received at 301, an embodiment detects the current devicelocation at 302. The location detection may be accomplished by anonboard sensor or an external sensor within close proximity to thedevice. The sensor may be any type capable of determining devicelocation (e.g., GPS, multilateration of radio signals between cellulartowers, Wi-Fi connections, etc.).

Once the device location is detected at 302, an embodiment determines ifthe location is considered a secure location to display sensitivematerial (e.g., company conference room, client business location, etc.)at 303. By way of example, an embodiment, may determine, based on thedevice location, that the device is in a predetermined restricted area(e.g., an airport, sporting venue, foreign country, etc.) and thus it isunsafe to display sensitive material at 303. Alternatively, anembodiment may determine that the device is in a predetermined securearea (e.g., in a user's residence, in a work place office, at a remotejobsite, etc.) and thus it would be secure to fully display therequested data without restriction (e.g., a privacy filter) at 303.

Additionally or alternatively, an embodiment may detect when a devicehas left a specific location at 302. For example, a device may determineit is within a secure boundary if connected to the company Wi-Fi (thusindicating the user is within the boundaries of the company officespace). This may generally be referred to as geo-fencing. Geo-fencingcan be any dynamically generated shape or formation that creates avirtual boundary to be detected by a device. Geo-fencing as with thegeneral location tracking can be accomplished via any typical locationbased sensing system (e.g., GPS, multilateration of radio signalsbetween cellular towers, WiFi connetions, etc.).

If it is determined that the location is safe for the purposes ofdisplaying sensitive materials at 303, an embodiment will then displaythe requested image data to the user at 304. However, if it isdetermined that the location is unsecure, an electronically activatedprivacy screen will be enabled at 305. This privacy filter enables auser to view sensitive material while minimizing the risk that anunauthorized third party gets access. Once the privacy filter is enabledan embodiment will then display the requested image at 304.

Referring now to FIG. 4, an embodiment may receive a request to displayan image at 401. For example, a user could request to view a companyemail, open a confidential document, or just play a game. Once therequest is received at 401, an embodiment detects metadata correspondingto the requested image at 402. Metadata is data that describes featuresor characteristics of other stored data (e.g., creation date,geo-location of creation, etc,). In the current embodiment the imagebeing requested may contain specific metadata relating to the content ofthe requested data (e.g., that an email contains personal information,which has been identified as private by the sender).

In a further embodiment, the detected metadata at 402 comprises asecurity setting. The security setting may have different tier levelsthus allowing for certain activities but restricting others (e.g., atier that only allows the opening of a document when the device isconnected to a specific company Wi-Fi access point, or alternatively atier that allows opening of a document when the device is determined tobe located on the companies premises and connected to company Wi-Fi).The security setting is used to limit the exposure of the sensitiverequested data.

In an embodiment, the security setting is determined during the creationof the data and stored in the metadata by the creator (e.g., a humanresources employee labeling an office email as confidential due to itcontaining private employee records.). This allows the data creator todetermine what level of security is required based on the informationthey include.

An embodiment may allow a user to modify the security settings stored inthe metadata. For example, a team drafted confidential document isimparted with file security settings by the creator. However, anembodiment allows a team member, e.g., even if other than the datacreator, to disable some or all of the security features in order toshare or publish the document.

An embodiment may lock the security settings stored in the metadata,thus not allowing future users of the data to alter the securitysettings. Typically, users may attempt to remove certain settings thatmay impede their efforts (e.g., make the displayed image harder to see).Current privacy filters may inhibit viewing in certain lightingconditions, which may lead users to remove the protective material.However, an electronically controlled privacy filter, such as thatdescribed herein, may be implemented such that it cannot be removed by auser. Therefore, a creator of the document has more control over theability to disable the privacy filter feature that ensures sensitivedata is protected and thereby preventing user error.

Once the metadata is detected at 402, an embodiment determines if themetadata contains security settings indicating that the data containssensitive material (e.g., confidential, undisclosed company tradesecrets, etc.) at 403. By way of example, an embodiment, may determine,based on the security settings stored in the metadata that the requesteddata contains company trade secrets and is thus unsafe for typicalnon-protected display at 403. Alternatively, an embodiment may determinethat the metadata does not include any restrictive security settings andis thus secure to fully display the requested data without restrictionat 403.

If it is determined, based on the security settings, that the requesteddata is safe for the purposes of display at 403, an embodiment will thendisplay the requested image data to the user at 404. However, if it isdetermined that the requested data does include security settings storedin the metadata, an electronically activated privacy screen will beenabled at 405. This privacy filter enables a user to view sensitivematerial while minimizing the risk that an unauthorized third party getsaccess. Once the privacy filter is enabled an embodiment will thendisplay the requested image at 403.

Referring now to FIG. 3 and FIG. 4, in an embodiment, the securitysettings stored within metadata at 402 may be combined with the detectedlocation of the device at 302, thus allowing for greater flexibility ofcontrol of sensitive data. For example, although the device may belocated in an airport (i.e., a previously discussed unsecure location),if the security settings indicate the data does not contain sensitivedata the privacy filter will not be activated. Alternatively, even ifthe user is located at a predetermined secure location (e.g., an offsitework location) the data creator may still specify that the securitysettings activate the privacy display at all or certain predeterminedsecure locations.

In an embodiment the privacy filter may be activated via a hardwareaspect of the display. For example, an embodiment may implement pixelmanipulation, polarization, adjustment of viewing angle, or the likebased on altering a hardware setting of the display device. Anembodiment also may activate a privacy filter via a softwareimplementation, e.g., dimming the display, providing a transparent orpattern overlay, etc. A combination of hardware and software privacyfiltering may be implemented.

Accordingly, as illustrated by the example embodiments and figures, anembodiment provides a method of receiving an input request for data atan electronic device. Then determining, using a sensor device, thelocation of the electronic device. Once the location is determined, thedevice compares the determined location against a set of predeterminedlocations to decide if the device is in an unsecure (e.g., populated)area. Based on the determination, the device may electronically activatea privacy filter on the display, thus protecting the requestedinformation that is being displayed.

The various embodiments described herein thus represent a technicalimprovement including a method of receiving an input request for data.Accessing stored metadata that is associated with the requested data,and based on the information stored in the metadata (e.g., securitysettings) a determination is made as to whether the requested data is ofa sensitive nature. If, based on the security settings, it is determinedthe file contains sensitive or confidential material, a privacy filteris electronically activated and the requested data is displayed with theadditional security of the privacy filter.

As will be appreciated by one skilled in the art, various aspects may beembodied as a system, method or device program product. Accordingly,aspects may take the form of an entirely hardware embodiment or anembodiment including software that may all generally be referred toherein as a “circuit,” “module” or “system.” Furthermore, aspects maytake the form of a device program product embodied in one or more devicereadable medium(s) having device readable program code embodiedtherewith.

It should be noted that the various functions described herein may beimplemented using instructions stored on a device readable storagemedium such as a non-signal storage device that are executed by aprocessor. A storage device may be, for example, an electronic,magnetic, optical, electromagnetic, infrared, or semiconductor system,apparatus, or device, or any suitable combination of the foregoing. Morespecific examples of a storage medium would include the following: aportable computer diskette, a hard disk, a random access memory (RAM), aread-only memory (ROM), an erasable programmable read-only memory (EPROMor Flash memory), an optical fiber, a portable compact disc read-onlymemory (CD-ROM), an optical storage device, a magnetic storage device,or any suitable combination of the foregoing. In the context of thisdocument, a storage device is not a signal and “non-transitory” includesall media except signal media.

Program code embodied on a storage medium may be transmitted using anyappropriate medium, including but not limited to wireless, wireline,optical fiber cable, RF, et cetera, or any suitable combination of theforegoing.

Program code for carrying out operations may be written in anycombination of one or more programming languages. The program code mayexecute entirely on a single device, partly on a single device, as astand-alone software package, partly on single device and partly onanother device, or entirely on the other device. In some cases, thedevices may be connected through any type of connection or network,including a local area network (LAN) or a wide area network (WAN), orthe connection may be made through other devices (for example, throughthe Internet using an Internet Service Provider), through wirelessconnections, e.g., near-field communication, or through a hard wireconnection, such as over a USB connection.

Example embodiments are described herein with reference to the figures,which illustrate example methods, devices and program products accordingto various example embodiments. It will be understood that the actionsand functionality may be implemented at least in part by programinstructions. These program instructions may be provided to a processorof a device, a special purpose information handling device, or otherprogrammable data processing device to produce a machine, such that theinstructions, which execute via a processor of the device implement thefunctions/acts specified.

It is worth noting that while specific blocks are used in the figures,and a particular ordering of blocks has been illustrated, these arenon-limiting examples. In certain contexts, two or more blocks may becombined, a block may be split into two or more blocks, or certainblocks may be re-ordered or re-organized as appropriate, as the explicitillustrated examples are used only for descriptive purposes and are notto be construed as limiting.

As used herein, the singular “a” and “an” may be construed as includingthe plural “one or more” unless clearly indicated otherwise.

This disclosure has been presented for purposes of illustration anddescription but is not intended to be exhaustive or limiting. Manymodifications and variations will be apparent to those of ordinary skillin the art. The example embodiments were chosen and described in orderto explain principles and practical application, and to enable others ofordinary skill in the art to understand the disclosure for variousembodiments with various modifications as are suited to the particularuse contemplated.

Thus, although illustrative example embodiments have been describedherein with reference to the accompanying figures, it is to beunderstood that this description is not limiting and that various otherchanges and modifications may be affected therein by one skilled in theart without departing from the scope or spirit of the disclosure.

What is claimed is:
 1. A method, comprising: receiving, on a displaydevice, a request to display data; detecting, using a processor, whethera factor indicating a need for privacy is present; activating,responsive to detecting that a factor indicating a need for privacy ispresent, an electronic privacy filter of the display device; anddisplaying, on the display device, the data with the electronic privacyfilter, wherein the data with the electronic privacy filter is viewableby a user.
 2. The method of claim 1, wherein the factor comprises thedisplay device location.
 3. The method of claim 2, wherein the detectingcomprises determining, based on the display device location, if thedevice is in a predetermined area.
 4. The method of claim 2, wherein thedetecting comprises determining that the device is moving above athreshold speed.
 5. The method of claim 1, wherein the activatingcomprises modifying a hardware aspect of the display device.
 6. Themethod of claim 1, wherein the factor is selected from the groupconsisting of metadata corresponding to the data to be displayed and thedata to be displayed.
 7. The method of claim 6, wherein the metadatacomprises security data.
 8. The method of claim 7, wherein the securitydata comprises location data.
 9. The method of claim 7, wherein thesecurity data is determined during creation of the data to be displayed;and wherein the security data is modifiable by a user.
 10. The method ofclaim 7, wherein the security data is determined during creation of thedata to be displayed; and wherein the security data is not modifiable bya user.
 11. An information handling device, comprising: a processor; adisplay device; a memory device that stores instructions executable bythe processor to: receive a request to display a data; detect whether afactor indicating a need for privacy is present; activate, responsive todetecting that a factor indicating a need for privacy is present, anelectronic privacy filter of the display device; and display, on thedisplay device the data with the electronic privacy filter, wherein thedata with the electronic privacy filter is viewable by a user.
 12. Theinformation handling device of claim 11, wherein the factor comprisesthe display device location.
 13. The information handling device ofclaim 12, wherein the detecting comprises determining, based on thedisplay device location, if the device is in a predetermined area. 14.The information handling device of claim 12, wherein the detectingcomprises determining, based on the device location, if the device is ina predetermined area.
 15. The information handling device of claim 12,wherein the detecting comprises determining, that the device is movingabove a threshold speed.
 16. The information handling device of claim11, wherein the activating comprises modifying a hardware aspect of thedisplay device.
 17. The information handling device of claim 11, whereinthe factor is selected from the group consisting of metadatacorresponding to the data to be displayed.
 18. The information handlingdevice of claim 17, wherein the metadata comprises security data; andwherein the security data comprises location data.
 19. The informationhandling device of claim 17, wherein the metadata comprises securitydata determined during creation of the data to be displayed; and whereinthe security data has a characteristic selected from the groupconsisting of: being modifiable by a user and not being modifiable by auser.
 20. A product, comprising: a storage device having code storedtherewith, the code being executable by a processor and comprising: codethat receives, at an input device, a request to display data; code thatdetects whether a factor indicating a need for privacy is present; codethat activates, responsive to detecting that a factor indicating a needfor privacy is present, an electronic privacy filter of the displaydevice; and code that displays, on the display device, the data with theelectronic privacy filter, wherein the data with the electronic privacyfilter is viewable by a user.